For businesses breached, the meter keeps on running

On March 8, Home Depot agreed to pay a $25 million settlement to a group of banks for damages incurred during the company's massive 2014 data breach. During that breach, email or credit card information was stolen from more than 50 million customers by thieves who hacked store self check-out terminals. It's one of the largest breaches in history, bu...

Think PCI Compliance is challenging? Try understanding the fines.

The Payment Card Industry (PCI) Security Standards Council is the governing body that establishes the policies that all merchants that process credit cards – large and small – must follow. The idea is that by following the requirements set in the PCI Data Security Standard, merchants can better protect themselves against cyber attacks and thieves tr...

Who enforces PCI compliance?

As credit card data becomes increasingly vulnerable to cyber attacks, industry standards have worked to strengthen business security practices to better ensure the privacy and safety of customer data. Credit card vendors American Express, Discover Financial Services, JCB International, MasterCard and Visa formed the PCI (Payment Card Industry) Secur...

Understanding PCI Compliance vs SSL Certificate

Bar none, securing consumer credit card data is essential to doing business in 2017. And the information security industry is meeting the demand. But as security solutions evolve in scope and scale, it's important to understand the various components so you're confident (and educated) in how to properly secure your customer data. One of the elements...

Why PCI Compliance is Important to Your Business

For small merchants, Payment Card Industry (PCI) standards can seem like a rule that only the big boys of business have to follow. But the consequences of failing to achieve and maintain PCI compliance apply to businesses of all sizes. The thing to remember about PCI rules is that they apply to every merchant that accepts credit cards. A recent inci...

PCI Glossary of Terms: Frequently Used Terms for PCI Compliance

The world of PCI DSS (Payment Card Industry Data Security Standards) is a fairly new industry requirement in the rapidly evolving world of online credit card transactions. With the first draft of standards coming on the scene in 2004, the PCI Security Standards Council (SSC) has since released seven updates aimed at encouraging merchants to keep up...

ZZ Servers Achieves PCI DSS 3.2 Level 1 Service Provider Certification

For the fifth consecutive year IT solutions firm ZZ Servers has earned Level 1 Service Provider compliance through the Payment Card Industry Data Security Standards (PCI DSS) version 3.2. Aimed at keeping credit card data secure, the credit card companies American Express, Discover Financial Services, JCB International, MasterCard and Visa administ...

Preparing for a PCI audit is a marathon, not a sprint

Payment Card Industry (PCI) compliance is growing in its rigor and scope amid the rapidly evolving world of online and mobile credit card transactions. The PCI Data Security Standards (PCI DSS) aim to protect consumer credit card data by offering businesses an outline of rules and guidelines to ensure their credit card systems are secure. But the r...

Hosting in a secure environment is necessary for all businesses

In today's online-driven world, it's not a matter of if, but when a business will be a victim of a cyber-attack. The threat of a data breach has become so imminent that an entire branch of insurance products (cyber liability and privacy policies) exists specifically to cover a business' liability in the event a hacker steals or exposes sensitive...

What is the Cost of a Data Breach?

A data breach can be costly for any business. A violation of sensitive cardholder data can cost your customers, it can damage your business' reputation and it can rob you of your peace of mind. But the bottom line is that a data breach can hurt your bottom line. And for small businesses the financial impact might be more than you think. In all, 90 p...

What Is Active Continuous Monitoring and Why Should Businesses Care?

2014 is the year that changed everything in the information security landscape. It became terrifyingly clear that consumers' personal and financial data wasn't safe. Following a series of large data breaches consumers learned first-hand how vulnerable their sensitive information really is. eBay suffered one of the largest losses, admitting hackers ...

EMV Rollout’s Impact To Online Retailers

Online retailers breathed a sigh of relief last month when they didn't have to muddle through the EMV migration alongside traditional retailers. EMV, which stands for Europay, MasterCard, and Visa, is a new global standard for credit cards equipped with computer chips and security technology to authenticate transactions. In the wake of several large...

PCI DSS and SSL v 3

With widespread and disastrous SSL/TLS vulnerabilities such as POODLE and FREAK, SSL and early TLS versions are no longer considered strong cryptography, and any web site that still uses them is insecure. According to the new rules in PCI DSS v3.1, companies have until June 30, 2016 to update to a more recent version of TLS (1.1 or h...

Server cabinet door alarm

The first step in securing servers is to ensure that they are physically as secure as possible and then monitored for unauthorized access. Many times when setting up servers in a small office or co-location facility, people have their systems in a locking cabinet within a moderately secured physical building. However a determined attacker ...

PCI Data Security Standards Rock Video

This short animated video provides an overview of the PCI Data Security Standard in a more entertaining way.

Anti Virus and PCI Compliance

Last year PCI DSS 1.2 was released, changing the intent of the controls required for anti-virus software. In version 1.1, anti-virus software was only required for systems commonly affected by viruses and excluded UNIX based operating systems and mainframes. Version 1.2 now requires all operating system types commonly affected by malicious software b...

PCI Compliant Hosting - Are you sure your host knows what PCI is and what they are selling?

I recently had a discussion with a potential customer on why they should work with ZZ Servers instead of one of the now hundreds of other hosting providers offering PCI "compliant" hosting services. After spending the last 5 years doing PCI Level 1 validations I have run into many areas that hosting providers just do not get PCI and what hosting pr...

Amazon confirms EC2/S3 does not meet PCI guidelines

If your business requires PCI compliant hosting services because you store, transmit or process cardholder data, hosting in the cloud may not be for you.  Most cloud providers do not have the controls or processes in place to protect sensitive cardholder data or the willingness to enter into required business arrangements with merchants.  Because o...

Understanding PCI Levels and Types

Any merchant who accepts credit cards and has a merchant account must validate compliance. It does not matter if you use a 3rd party processor or if you outsource all of your credit card processing. It's the ownership of the merchant account that defines if you must validate compliance. The only way to avoid PCI compliance is by not having a merchant a...

Batteries.com Credit Card Data Stolen

Yet another data breach involving theft of credit card data has been announced. On March 13th, Batteries.com received notice from a customer about potential unauthorized activity on their credit card. They later discovered the Batteries.com network had been breached from around February 25, 2009 to April 9, 2009. The breach involved theft of name...